Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-58112 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 7.5 HIGH |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-58111 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 7.5 HIGH |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-52342 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 7.5 HIGH |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2022-38166 | 3 Apple, F-secure, Microsoft | 3 Macos, Elements Endpoint Protection, Windows | 2025-04-29 | N/A | 7.5 HIGH |
| In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | |||||
| CVE-2025-43855 | 2025-04-29 | N/A | N/A | ||
| tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1. | |||||
| CVE-2022-3500 | 3 Fedoraproject, Keylime, Redhat | 3 Fedora, Keylime, Enterprise Linux | 2025-04-29 | N/A | 5.1 MEDIUM |
| A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. | |||||
| CVE-2024-20048 | 2 Google, Mediatek | 39 Android, Mt2713, Mt6781 and 36 more | 2025-04-23 | N/A | 6.2 MEDIUM |
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769. | |||||
| CVE-2024-20049 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | N/A | 4.4 MEDIUM |
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765. | |||||
| CVE-2024-49705 | 2025-04-15 | N/A | N/A | ||
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually. Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0 | |||||
| CVE-2025-32944 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup. | |||||
| CVE-2025-20663 | 1 Mediatek | 5 Mt7915, Mt7916, Mt7981 and 2 more | 2025-04-11 | N/A | 7.5 HIGH |
| In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031. | |||||
| CVE-2025-20664 | 1 Mediatek | 7 Mt7915, Mt7916, Mt7981 and 4 more | 2025-04-11 | N/A | 7.5 HIGH |
| In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773. | |||||
| CVE-2025-20637 | 1 Mediatek | 3 Mt7981, Mt7986, Software Development Kit | 2025-03-17 | N/A | 7.5 HIGH |
| In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. | |||||
| CVE-2023-20628 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2025-03-05 | N/A | 6.7 MEDIUM |
| In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | |||||
| CVE-2024-13417 | 2025-02-21 | N/A | 4.6 MEDIUM | ||
| Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | |||||
| CVE-2025-24836 | 2025-02-13 | N/A | 7.1 HIGH | ||
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | |||||
| CVE-2023-31125 | 1 Socket | 1 Engine.io | 2025-02-13 | N/A | 6.5 MEDIUM |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | |||||
| CVE-2025-20097 | 2025-02-12 | N/A | 4.3 MEDIUM | ||
| Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | |||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | |||||